Microsoft API | Emails are scanned in parallel with the delivery of the email. The email first arrives in the end-user inbox, and only after scanning, is the email removed if it is found to be malicious. End users may therefore see malicious emails in their inboxes for a few seconds before the email is deleted. Doesn't require a TXT record. Includes a simple onboarding process. For details, see "Onboarding Microsoft 365 [API]" on page 166 Flow chart diagram
|
Note:
[Outbound monitoring can be added to inbound Microsoft 365 [Inline and API] integrations - see "Onboarding Microsoft 365 - Outbound" on page 217]
|
Perception Point X-Ray scans email messages up to a maximum of 40 MB [including attachments]. Larger email messages are not scanned by Perception Point X-Ray, and will be delivered to the specified recipients.
Note:
|
Comparing the Inline and API connection methods
The table below should help you to choose the better connection method for your scenario - Inline or API...
| Inline | API scanning |
| Operates in prevention mode | Operates in detection and response mode |
| More complex connection procedure - typically requires about 10 minutes to complete | Simple and quick connection procedure - typically requires about 2 minutes to complete |
| Requires adding a TXT record to the DNS | A TXT record is not required |
| Scans and blocks malicious emails pre-delivery | Scans emails in parallel with the delivery of the emails |
| Adds an extra hop to the email | Scans in parallel and therefore doesn't add a hop |
| End users won’t see any emails with malicious scan verdicts in their inboxes | End users may see malicious emails in their Inboxes for a few seconds before the scan is completed and the email is deleted |
| Supports hybrid environments | Supports only Microsoft 365 environments |
| Allows remediation | Allows remediation |
| Supports scanning of inbound, internal, and outbound email | Supports scanning of inbound and outbound email |
Onboarding Microsoft 365 [API]
About onboarding Microsoft 365 using the Microsoft API
You can connect your Microsoft 365-based email services to Perception Point's Advanced Email Security – using the Microsoft Graph API. This is called the Microsoft API connection method.
Note: With the Microsoft 365 API method of integration, Perception Point X-Ray scans email messages up to a maximum of 500 MB [including attachments]. |
By default, the Microsoft 365 integrations monitor incoming emails only - not outgoing emails.
- By default, internal email is not monitored. To add monitoring for internal email, contact Perception Point Support
- [support@perception-point.io]. There may be additional licensing requirements for enabling internal scanning.
Note:
Suggested workaround: To change the set of assets that are protected, first off-board the API integration, and then on-board it again, with the required protection configuration.
|
A bit more about the Microsoft 365 API integration
Onboarding process
- API scanning initiates by creating a Webhook for each user within the Microsoft 365 environment.
Protection mechanism
- When a user is protected by Perception Point X-Ray Microsoft 365 API integration, the scan activates upon the arrival of an inbound email.
- Microsoft 365 triggers notifications to the scanning system about new emails in a user's Inbox.
- The system retrieves the email's metadata and EML file copy for analysis.
Scan and response
- Clean: If an email is assigned a clean verdict, the email proceeds to the user's Inbox without intervention.
- Spam: By default, spam emails are moved to the junk folder via Microsoft Graph API's REST API calls.
- Malicious: By default, malicious emails are moved to a hidden folder inside the user's mailbox. The hidden folder is created upon encountering the first malicious threat for that user.
When an email is moved to the quarantine folder, the subject of the quarantined email is changed to "Quarantined Email" and the content [body] of the quarantined email is changed to "This Email has been quarantined." If the quarantined email is subsequently found to be clean or spam [junk], the original subject and contents are returned to the email when it is released.
How to onboard Microsoft 365 using the Microsoft API
This onboarding procedure for a Microsoft 365 API integration includes:
- Specifying the connection method.
- Enabling the Perception Point app - that enables the required access to your Microsoft 365 account.
- Specifying who to protect [the plan].
- Initiating the connection process.
To onboard Microsoft 365 using the Microsoft API:
- On the right of the Perception Point X-Ray banner, click the Add Services [
] icon.
- Click Add A New Email Service - if this option appears.
- Select the Organization - if necessary.
- Specify the Escalation contacts. For details, see "Escalation contacts" on page 100.
- In Email Service, select Microsoft 365.
- In Connection Method, select Microsoft API.
- Inbound will be automatically selected. This configures Perception Point X-Ray to scan emails that are received from outside the organization.
- Outbound: [Optional] This configures Perception Point X-Ray to scan emails that are sent from inside the organization. This option appears only if outbound scanning is enabled.
- Click ENABLE M365 APP - in the bottom right corner. [This is the remediation app.]
Important: If the ENABLE M365 APP button is not enabled, make sure that you have specified an escalation contact above. |
- A pop-up window will open - allowing you to sign-in to your Microsoft account.
Note: If the pop-up does not appear, make sure that pop-ups are not blocked on your computer. |
- Sign-in to your Microsoft account as a global admin.
You'll see a list of the permissions that are required by the Perception Point app.
- Click Accept.
The next step in the onboarding wizard appears.
- Click Next. A summary of your selected configurations will be displayed.
- Review the configurations, and then click Done. This will begin the connection process to protect the users that you specified above. This connection process may take a while to complete.
Connection start time: | The time that the connection process was started. |
Completion time: | The time that the connection process was completed. |
Total no. of users in plan: | The number of users included in the plan. This is the maximum number of users that will be protected when the connection process is complete. This excludes invalid users in the plan. |
Protected users: | The number of users that are already protected by Perception Point X-Ray. |
Non-supported users (on-prem): | The number of Microsoft Exchange users that are included in the plan that you specified. These users will not be protected by Perception Point X-Ray. You can export a .csv file that contains a list of these users. This value is applicable in "Microsoft 365 - Exchange" hybrid environments. |
Currently non-operative users: | The number of users that are included in the plan that you specified, but for whom Perception Point X-Ray was not able to add protection during the connection process. You can export a .csv file that contains a list of these users. |
This information will be displayed for 30 days after the connection process is completed.
When the In Progress indicator changes to Completed, the users included in the plan will be protected.
Monitoring Mode Important [for integrations in monitoring mode only] Note: In monitoring mode [also known as passive mode], Perception Point X-Ray will not quarantine any malicious emails or route spam to junk boxes. To complete the API integration in monitoring mode, perform these steps:
Note: Perception Point X-Ray will not quarantine any malicious emails or route spam to junk boxes.
|
].
Configuring spam remediation
Configuring a Microsoft 365 API integration includes specifying what happens to emails that are assigned a spam verdict [if spam emails are not configured to be quarantined]. The options are:
- Inbox: The email is sent to the user's Inbox. This setting is typically used for PoC installations - not for production installations.
- Junk: The email is sent to the user's Junk folder. This setting is typically used in production installations - not in PoC installations.
With the Microsoft 365 API integration, Perception Point X-Ray may move an email from the Inbox to the Junk folder after the email has initially arrived in the Inbox. The procedure is therefore referred to as "spam remediation".
When a Microsoft 365 API inbound integration is initially configured, the spam remediation is set to Junk.
Note: The "spam remediation" functionality will apply only if:
|
The spam remediation controls appear only if a Microsoft 365 API inbound integration is configured.
To change the spam remediation location:
- Open the Account > Channels page.
- Under Enabled Channels, on the right of Email Service > Microsoft 365, click Channel Settings. The "Email Service Settings" sidebar opens.
- Click Edit [
]. - Under Microsoft Account Options > "Move spam emails that are not quarantined to", select Junk or Inbox.
Was this article helpful?
That’s Great!
Thank you for your feedback
Sorry! We couldn't be helpful
Thank you for your feedback
Feedback sent
We appreciate your effort and will try to fix the article